MediaController::mediaThumbnail() - Code Metrics - Inspection of "Scrutinizer Auto-Fixes (#1526)" - fisharebest/webtrees - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — master (380e00)

by Greg

created 2017-12-03 12:10 UTC

MediaController::mediaThumbnail() C

↳ Parent: MediaController

Complexity

Conditions	7
Paths	7

Size

Total Lines	30
Code Lines	18

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
eloc	18
nc	7
nop	1
dl	0
loc	30
rs	6.7272
c	0
b	0
f	0

<?php
/**
 * webtrees: online genealogy
 * Copyright (C) 2017 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
declare(strict_types=1);

namespace Fisharebest\Webtrees\Http\Controllers;

use ErrorException;
use Fisharebest\Webtrees\Media;
use Fisharebest\Webtrees\MediaFile;
use Fisharebest\Webtrees\Site;
use Fisharebest\Webtrees\Tree;
use League\Flysystem\Adapter\Local;
use League\Flysystem\Filesystem;
use League\Glide\Filesystem\FileNotFoundException;
use League\Glide\Server;
use League\Glide\ServerFactory;
use League\Glide\Signatures\Signature;
use League\Glide\Signatures\SignatureException;
use League\Glide\Signatures\SignatureFactory;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Controller for the media page and displaying images.
 */
class MediaController extends BaseController {
	/**
	 * Show an image/thumbnail, with/without a watermark.
	 *
	 * @param Request $request
	 *
	 * @return Response
	 */
	public function mediaThumbnail(Request $request): Response {
		/** @var Tree $tree */
		$tree    = $request->attributes->get('tree');
		$xref    = $request->get('xref');
		$fact_id = $request->get('fact_id');
		$media   = Media::getInstance($xref, $tree);

		if ($media === null) {
			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
		}

		if (!$media->canShow()) {
			return $this->httpStatusAsImage(Response::HTTP_FORBIDDEN);
		}

		// @TODO handle SVG files
		foreach ($media->mediaFiles() as $media_file) {
			if ($media_file->factId() === $fact_id) {
				if ($media_file->isExternal()) {
					return new RedirectResponse($media_file->filename());
				} else if ($media_file->isImage()) {
					return $this->generateImage($media_file, $request->query->all());
				} else {
					return $this->fileExtensionAsImage($media_file->extension());
				}
			}
		}

		return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
	}

	/**
	 * Generate a thumbnail for an unsed media file (i.e. not used by any media object).
	 *
	 * @param Request $request
	 *
	 * @return Response
	 */
	public function unusedMediaThumbnail(Request $request): Response {
		$folder = $request->get('folder');
		$file   = $request->get('file');

		try {
			$server = $this->glideServer($folder);
			$path   = $server->makeImage($file, $request->query->all());
			$cache  = $server->getCache();

			return new Response($cache->read($path), Response::HTTP_OK, [
				'Content-Type'   => $cache->getMimeType($path),
				'Content-Length' => $cache->getSize($path),
				'Cache-Control'  => 'max-age=31536000, public',
				'Expires'        => date_create('+1 years')->format('D, d M Y H:i:s') . ' GMT',
			]);
		} catch (FileNotFoundException $ex) {
			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
		} catch (ErrorException $ex) {
			return $this->httpStatusAsImage(Response::HTTP_INTERNAL_SERVER_ERROR);
		}
	}

	/**
	 * Generate a thumbnail image for a file.
	 *
	 * @param MediaFile $media_file
	 * @param array     $params
	 *
	 * @return Response
	 */
	private function generateImage(MediaFile $media_file, array $params): Response {
		try {
			// Validate HTTP signature
			$signature = $this->glideSignature();

			$signature->validateRequest(parse_url(WT_BASE_URL . 'index.php', PHP_URL_PATH), $params);


			$server = $this->glideServer($media_file->folder());
			$path   = $server->makeImage($media_file->filename(), $params);

			return new Response($server->getCache()->read($path), Response::HTTP_OK, [
				'Content-Type'   => $server->getCache()->getMimeType($path),
				'Content-Length' => $server->getCache()->getSize($path),
				'Cache-Control'  => 'max-age=31536000, public',
				'Expires'        => date_create('+1 years')->format('D, d M Y H:i:s') . ' GMT',
			]);
		} catch (SignatureException $ex) {
			return $this->httpStatusAsImage(Response::HTTP_FORBIDDEN);
		} catch (FileNotFoundException $ex) {
			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
		} catch (ErrorException $ex) {
			return $this->httpStatusAsImage(Response::HTTP_INTERNAL_SERVER_ERROR);
		}
	}

	/**
	 * Create a glide server to generate files in the specified folder
	 *
	 * Caution: $media_folder may contain relative paths: ../../
	 *
	 * @param string $media_folder
	 *
	 * @return Server
	 */
	private function glideServer(string $media_folder): Server {
		$cache_folder     = new Filesystem(new Local(WT_DATA_DIR . 'thumbnail-cache/' . md5($media_folder)));
		$driver           = $this->graphicsDriver();
		$source_folder    = new Filesystem(new Local($media_folder));
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
		$watermark_folder = new Filesystem(new Local('assets'));

		return ServerFactory::create([
			'cache'      => $cache_folder,
			'driver'     => $driver,
			'source'     => $source_folder,
			'watermarks' => $watermark_folder,
		]);
	}

	/**
	 * Generate a signature, to verify the request parameters.
	 *
	 * @return Signature
	 */
	private function glideSignature(): Signature {
		$glide_key = Site::getPreference('glide-key');
		$signature = SignatureFactory::create($glide_key);

		return $signature;
	}

	/**
	 * Which graphics driver should we use for glide/intervention?
	 *
	 * Prefer ImageMagick
	 *
	 * @return string
	 */
	private function graphicsDriver(): string {
		if (extension_loaded('imagick')) {
			$driver = 'imagick';
		} else {
			$driver = 'gd';
		}

		return $driver;
	}

	/**
	 * Send a dummy image, to replace one that could not be found or created.
	 *
	 * @param int $status HTTP status code
	 *
	 * @return Response
	 */
	private function httpStatusAsImage(int $status): Response {
		$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100"><rect width="100" height="100" fill="#F88" /><text x="5" y="55" font-family="Verdana" font-size="35">' . $status . '</text></svg>';

		// We can't use the actual status code, as browser's won't show images with 4xx/5xx
		return new Response($svg, Response::HTTP_OK, [
			'Content-Type' => 'image/svg+xml'
		]);
	}

	/**
	 * Send a dummy image, to replace a non-image file.
	 *
	 * @param string $extension
	 *
	 * @return Response
	 */
	private function fileExtensionAsImage(string $extension): Response {
		$extension = '.' . strtolower($extension);

		$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100"><rect width="100" height="100" fill="#88F" /><text x="5" y="60" font-family="Verdana" font-size="30">' . $extension . '</text></svg>';

		return new Response($svg, Response::HTTP_OK, [
			'Content-Type' => 'image/svg+xml'
		]);
	}
}


Branch — master (380e00)

MediaController::mediaThumbnail() C

Complexity

Size

Duplication

Importance

8 paths for user data to reach this point

Used in path-write context

General Strategies to prevent injection

1			<?php
2			/**
3			* webtrees: online genealogy
4			* Copyright (C) 2017 webtrees development team
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation, either version 3 of the License, or
8			* (at your option) any later version.
9			* This program is distributed in the hope that it will be useful,
10			* but WITHOUT ANY WARRANTY; without even the implied warranty of
11			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12			* GNU General Public License for more details.
13			* You should have received a copy of the GNU General Public License
14			* along with this program. If not, see <http://www.gnu.org/licenses/>.
15			*/
16			declare(strict_types=1);
17
18			namespace Fisharebest\Webtrees\Http\Controllers;
19
20			use ErrorException;
21			use Fisharebest\Webtrees\Media;
22			use Fisharebest\Webtrees\MediaFile;
23			use Fisharebest\Webtrees\Site;
24			use Fisharebest\Webtrees\Tree;
25			use League\Flysystem\Adapter\Local;
26			use League\Flysystem\Filesystem;
27			use League\Glide\Filesystem\FileNotFoundException;
28			use League\Glide\Server;
29			use League\Glide\ServerFactory;
30			use League\Glide\Signatures\Signature;
31			use League\Glide\Signatures\SignatureException;
32			use League\Glide\Signatures\SignatureFactory;
33			use Symfony\Component\HttpFoundation\RedirectResponse;
34			use Symfony\Component\HttpFoundation\Request;
35			use Symfony\Component\HttpFoundation\Response;
36
37			/**
38			* Controller for the media page and displaying images.
39			*/
40			class MediaController extends BaseController {
41			/**
42			* Show an image/thumbnail, with/without a watermark.
43			*
44			* @param Request $request
45			*
46			* @return Response
47			*/
48			public function mediaThumbnail(Request $request): Response {
49			/** @var Tree $tree */
50			$tree = $request->attributes->get('tree');
51			$xref = $request->get('xref');
52			$fact_id = $request->get('fact_id');
53			$media = Media::getInstance($xref, $tree);
54
55			if ($media === null) {
56			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
57			}
58
59			if (!$media->canShow()) {
60			return $this->httpStatusAsImage(Response::HTTP_FORBIDDEN);
61			}
62
63			// @TODO handle SVG files
64			foreach ($media->mediaFiles() as $media_file) {
65			if ($media_file->factId() === $fact_id) {
66			if ($media_file->isExternal()) {
67			return new RedirectResponse($media_file->filename());
68			} else if ($media_file->isImage()) {
69			return $this->generateImage($media_file, $request->query->all());
70			} else {
71			return $this->fileExtensionAsImage($media_file->extension());
72			}
73			}
74			}
75
76			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
77			}
78
79			/**
80			* Generate a thumbnail for an unsed media file (i.e. not used by any media object).
81			*
82			* @param Request $request
83			*
84			* @return Response
85			*/
86			public function unusedMediaThumbnail(Request $request): Response {
87			$folder = $request->get('folder');
88			$file = $request->get('file');
89
90			try {
91			$server = $this->glideServer($folder);
92			$path = $server->makeImage($file, $request->query->all());
93			$cache = $server->getCache();
94
95			return new Response($cache->read($path), Response::HTTP_OK, [
96			'Content-Type' => $cache->getMimeType($path),
97			'Content-Length' => $cache->getSize($path),
98			'Cache-Control' => 'max-age=31536000, public',
99			'Expires' => date_create('+1 years')->format('D, d M Y H:i:s') . ' GMT',
100			]);
101			} catch (FileNotFoundException $ex) {
102			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
103			} catch (ErrorException $ex) {
104			return $this->httpStatusAsImage(Response::HTTP_INTERNAL_SERVER_ERROR);
105			}
106			}
107
108			/**
109			* Generate a thumbnail image for a file.
110			*
111			* @param MediaFile $media_file
112			* @param array $params
113			*
114			* @return Response
115			*/
116			private function generateImage(MediaFile $media_file, array $params): Response {
117			try {
118			// Validate HTTP signature
119			$signature = $this->glideSignature();
120
121			$signature->validateRequest(parse_url(WT_BASE_URL . 'index.php', PHP_URL_PATH), $params);
			0 ignored issues – show Security Bug introduced 2017-12-02 17:57 UTC by Report Bug Copy Issue Report It seems like `parse_url(WT_BASE_URL . ...dex.php', PHP_URL_PATH)` targeting `parse_url()` can also be of type `false`; however, `League\Glide\Signatures\...ture::validateRequest()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history...
122
123			$server = $this->glideServer($media_file->folder());
124			$path = $server->makeImage($media_file->filename(), $params);
125
126			return new Response($server->getCache()->read($path), Response::HTTP_OK, [
127			'Content-Type' => $server->getCache()->getMimeType($path),
128			'Content-Length' => $server->getCache()->getSize($path),
129			'Cache-Control' => 'max-age=31536000, public',
130			'Expires' => date_create('+1 years')->format('D, d M Y H:i:s') . ' GMT',
131			]);
132			} catch (SignatureException $ex) {
133			return $this->httpStatusAsImage(Response::HTTP_FORBIDDEN);
134			} catch (FileNotFoundException $ex) {
135			return $this->httpStatusAsImage(Response::HTTP_NOT_FOUND);
136			} catch (ErrorException $ex) {
137			return $this->httpStatusAsImage(Response::HTTP_INTERNAL_SERVER_ERROR);
138			}
139			}
140
141			/**
142			* Create a glide server to generate files in the specified folder
143			*
144			* Caution: $media_folder may contain relative paths: ../../
145			*
146			* @param string $media_folder
147			*
148			* @return Server
149			*/
150			private function glideServer(string $media_folder): Server {
151			$cache_folder = new Filesystem(new Local(WT_DATA_DIR . 'thumbnail-cache/' . md5($media_folder)));
152			$driver = $this->graphicsDriver();
153			$source_folder = new Filesystem(new Local($media_folder));
			0 ignored issues – show Security File Manipulation introduced 2017-12-02 19:19 UTC by Report Bug Copy Issue Report `$media_folder` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. 8 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 314 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$request` is passed to Request::__construct() in vendor/Request.php on line 2031 `$request` is passed to Request::initialize() in vendor/Request.php on line 255 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 273 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 304 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 304 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2031 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2031 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2031 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 380 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 380 `$server` is assigned in vendor/Request.php on line 428 `$server` is assigned in vendor/Request.php on line 429 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 431 `$server` is passed to Request::__construct() in vendor/Request.php on line 2031 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `(array) $values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 141 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 144 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1795 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1826 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `(array) $values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 141 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 144 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1795 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1826 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 84 ParameterBag::get() returns tainted data, and `$result` is assigned in vendor/Request.php on line 805 Request::get() returns tainted data, and `$folder` is assigned in app/Http/Controllers/MediaController.php on line 87 `$folder` is passed to MediaController::glideServer() in app/Http/Controllers/MediaController.php on line 91 Used in path-write context Local::__construct() uses Local::ensureDirectory() ($root) in vendor/src/Adapter/Local.php on line 78 Local::ensureDirectory() uses mkdir() ($pathname) in vendor/src/Adapter/Local.php on line 102 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
154			$watermark_folder = new Filesystem(new Local('assets'));
155
156			return ServerFactory::create([
157			'cache' => $cache_folder,
158			'driver' => $driver,
159			'source' => $source_folder,
160			'watermarks' => $watermark_folder,
161			]);
162			}
163
164			/**
165			* Generate a signature, to verify the request parameters.
166			*
167			* @return Signature
168			*/
169			private function glideSignature(): Signature {
170			$glide_key = Site::getPreference('glide-key');
171			$signature = SignatureFactory::create($glide_key);
172
173			return $signature;
174			}
175
176			/**
177			* Which graphics driver should we use for glide/intervention?
178			*
179			* Prefer ImageMagick
180			*
181			* @return string
182			*/
183			private function graphicsDriver(): string {
184			if (extension_loaded('imagick')) {
185			$driver = 'imagick';
186			} else {
187			$driver = 'gd';
188			}
189
190			return $driver;
191			}
192
193			/**
194			* Send a dummy image, to replace one that could not be found or created.
195			*
196			* @param int $status HTTP status code
197			*
198			* @return Response
199			*/
200			private function httpStatusAsImage(int $status): Response {
201			$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100"><rect width="100" height="100" fill="#F88" /><text x="5" y="55" font-family="Verdana" font-size="35">' . $status . '</text></svg>';
202
203			// We can't use the actual status code, as browser's won't show images with 4xx/5xx
204			return new Response($svg, Response::HTTP_OK, [
205			'Content-Type' => 'image/svg+xml'
206			]);
207			}
208
209			/**
210			* Send a dummy image, to replace a non-image file.
211			*
212			* @param string $extension
213			*
214			* @return Response
215			*/
216			private function fileExtensionAsImage(string $extension): Response {
217			$extension = '.' . strtolower($extension);
218
219			$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100"><rect width="100" height="100" fill="#88F" /><text x="5" y="60" font-family="Verdana" font-size="30">' . $extension . '</text></svg>';
220
221			return new Response($svg, Response::HTTP_OK, [
222			'Content-Type' => 'image/svg+xml'
223			]);
224			}
225			}
226

fisharebest / webtrees

Branch — master (380e00)

MediaController::mediaThumbnail() C

Complexity

Size

Duplication

Importance

8 paths for user data to reach this point

Used in path-write context

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like